Using the Static Flaw Information Endpoint

You can use the static_flaw_info endpoint of the Veracode Findings API to get additional information about a single finding discovered during a static analysis.

The Findings API is explained in Using the Findings REST API.

The static_flaw_info endpoint returns this information:
  • Name of the scanned module
  • Path to the file that contains the finding
  • Name of the function that contains the finding
  • Code line numbers where the finding exists
  • Attack vectors associated with the request
  • Calls in the associated call stack

Permissions and Authentication

Before you can use all the endpoints of the Findings API, you must have one of these account types:

The API provides improved security through HMAC authentication. Therefore, before using this API, you must configure your authentication.

Static Finding Data Path API Specification

The static_flaw_info endpoint uses the Static Finding Data Path API specification, which is available: